Windows 11
1. Setup without MS account
When it is asking you if you are setting it up for personal/home or work, you can select for work, then on the next page, click on Sign in Options, and choose Domain Join, it will then give you the option to create local user and bypass Microsoft account. You won’t need to actually set up for domain join at all, or will this mean domain join. It is just the path to get the local account creation to come up.
2.
Disable Startup Programs/Apps
Disable Animations and Visual Effects
Disable Game Mode
3. Remove Apps
In PowerShell (for each accounts):
Get-AppxPackage Clipchamp.Clipchamp | Remove-AppxPackage
Get-AppxPackage Microsoft.3DBuilder | Remove-AppxPackage
Get-AppxPackage Microsoft.549981C3F5F10 | Remove-AppxPackage
Get-AppxPackage Microsoft.BingFinance | Remove-AppxPackage
Get-AppxPackage Microsoft.BingFoodAndDrink | Remove-AppxPackage
Get-AppxPackage Microsoft.BingHealthAndFitness | Remove-AppxPackage
Get-AppxPackage Microsoft.BingNews | Remove-AppxPackage
Get-AppxPackage Microsoft.BingSports | Remove-AppxPackage
Get-AppxPackage Microsoft.BingTranslator | Remove-AppxPackage
Get-AppxPackage Microsoft.BingTravel | Remove-AppxPackage
Get-AppxPackage Microsoft.BingWeather | Remove-AppxPackage
Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage
Get-AppxPackage Microsoft.Microsoft3DViewer | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftJournal | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftPowerBIForWindows | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftSolitaireCollection | Remove-AppxPackage
Get-AppxPackage Microsoft.MixedReality.Portal | Remove-AppxPackage
Get-AppxPackage Microsoft.NetworkSpeedTest | Remove-AppxPackage
Get-AppxPackage Microsoft.News | Remove-AppxPackage
Get-AppxPackage Microsoft.Office.OneNote | Remove-AppxPackage
Get-AppxPackage Microsoft.Office.Sway | Remove-AppxPackage
Get-AppxPackage Microsoft.OneConnect | Remove-AppxPackage
Get-AppxPackage Microsoft.Print3D | Remove-AppxPackage
Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsFeedbackHub | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsSoundRecorder | Remove-AppxPackage
Get-AppxPackage Microsoft.*xbox* | Remove-AppxPackage
Get-AppxPackage Microsoft.*Xbox* | Remove-AppxPackage
Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage
Get-AppxPackage MicrosoftCorporationII.MicrosoftFamily | Remove-AppxPackage
Get-AppxPackage MicrosoftTeams | Remove-AppxPackage
4. Disable services
Windows Search
Windows Biometric Service
Geolocation Service
Windows 10
0. Remove Windows 10 bloat
Get-AppXProvisionedPackage -Online
Remove-AppxProvisionedPackage -Online
1. Remove Windows10 built-in Apps
Using PowerShell (for each accounts):
Get-AppxPackage *windowsstore* | Remove-AppxPackage
Get-AppxPackage *Cortana* | Remove-AppxPackage
Get-AppxPackage *oneconnect* | Remove-AppxPackage
Get-AppxPackage *solitair* | Remove-AppxPackage
Get-AppxPackage *onenote* | Remove-AppxPackage
Get-AppxPackage *bing* | Remove-AppxPackage
Get-AppxPackage *communications* | Remove-AppxPackage
Get-AppxPackage *advertising* | Remove-AppxPackage
Get-AppxPackage *stickynotes* | Remove-AppxPackage
Get-AppxPackage *store* | Remove-AppxPackage
Get-AppxPackage Microsoft.GetHelp | Remove-AppxPackage
Get-AppxPackage Microsoft.Getstarted | Remove-AppxPackage
Get-AppxPackage Microsoft.Microsoft3DViewer | Remove-AppxPackage
Get-AppxPackage Microsoft.People | Remove-AppxPackage
Get-AppxPackage Microsoft.Print3D | Remove-AppxPackage
Get-AppxPackage Microsoft.ScreenSketch | Remove-AppxPackage
Get-AppxPackage Microsoft.Wallet | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsFeedbackHub | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsMaps | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGameOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxSpeechToTextOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.YourPhone | Remove-AppxPackage
Get-AppxPackage Microsoft.WindowsCamera | Remove-AppxPackage
# Get-AppxPackage Microsoft.Windows.Photos | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxIdentityProvider | Remove-AppxPackage
Get-AppxPackage Microsoft.DesktopAppInstaller | Remove-AppxPackage
Get-AppxPackage Microsoft.Messaging | Remove-AppxPackage
Get-AppxPackage Microsoft.MicrosoftOfficeHub | Remove-AppxPackage
Get-AppxPackage Microsoft.MixedReality.Portal | Remove-AppxPackage
Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage
Get-AppxPackage Microsoft.Xbox.TCUI | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxApp | Remove-AppxPackage
Get-AppxPackage Microsoft.XboxGamingOverlay | Remove-AppxPackage
Get-AppxPackage Microsoft.ZuneMusic | Remove-AppxPackage
Get-AppxPackage Microsoft.ZuneVideo | Remove-AppxPackage
2 . Next services to stop and disable
Windows Search
Windows PushToInstall Service
Windows Push Notification System Service
Windows Biometric Service
Connected User Experience and Telemetry
Microsoft Account Sign-In Assistant
Microsoft Store Install Service
Geolocation Service
SecurityHealthService
Disable Bing and Cortana Search
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Search]
“BingSearchEnabled”=dword:00000000
“CortanaConsent”=dword:00000000
Disable ads from Microsoft
To disable such ads in the Start menu, right-click the ad when you see it and select “Turn off all suggestions” option in the context menu. You can also open Settings and navigate to Personalization > Start, and disable the following option:
Occasionally show suggestions in Start.
Defer Windows 10 update
Settings > Update & Security > Advanced Options
set 10 days for quality and feature update.
Other services to disable:
http://www.blackviper.com/service-configurations/black-vipers-windows-10-service-configurations/
3. Scheduled tasks to disable
UpdateOrchestrator (Recurring Scan and UX broker)
Windows Defender disable (all)
Application Experience (all)
AutoChk
Customer Experience Improvement Program (all)
DiskDiagnostic (Collector)
Feedback (all)
PushToInstall (Registration)
RetailDemo (all)
Windows Update (all)
4. Disable IPv6
netsh interface teredo set state disabled
netsh interface isatap set state disabled
netsh interface 6to4 set state disabled
5. Dis-allow telemetry
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DataCollection
AllowTelemetry = 0
- Open Registry Editor, and go to HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\DataCollection.
- Right-click DataCollection, click New, and then click DWORD (32-bit) Value.
- Type AllowTelemetry, and then press ENTER.
- Double-click AllowTelemetry, set the desired value from the table above, and then click OK.
6. Turn off Windows Features
Internet Explorer
Media Features
MS Print to PDF
MS XPS Document Writer
7. Turn on SMB v1.0 / CIFS File Sharing
8. Remove unnecessary startup applications after installing all apps
9. setup scripts
https://www.google.com/search?q=windows+10+setup+script&ie=utf-8&oe=utf-8&client=firefox-b-m
http://checkthebenchmarks.com/2019/09/11/win10-initial-setup-script/
https://gist.github.com/alirobe/7f3b34ad89a159e6daa1
https://m.slashdot.org/story/363846
Thunderbird
1. Disable hyperlinks
Open Thunderbird
Go to Edit>Preferences.
Go to the Advanced>General tab, then click Config Editor.
Promise that you will be careful
Type this into the search bar: network.protocol-handler.external-default
Double click on the option that appears to make it false.
Note: If it’s alerady false, you are not able to click on any link anyway.
Done, you can now close the two windows.
Firefox
1. Disable telemetry
https://www.askvg.com/tip-disable-telemetry-and-data-collection-in-mozilla-firefox-quantum/
2. Disable PDF javascript
about:config
pdfjs.enableScripting
set to false
Workaround for Follina
- You can disable the preview pane in windows explorer, but it will not prevent the payload to run when entering the document itself:
- Open file explorer.
- Click on the View tab.
- Click on the preview pane button to hide it
- Refrain from opening .rtf files that originate from internet, even in preview mode.
- Run Command Prompt as Administrator.
- Execute the command “reg delete HKEY_CLASSES_ROOT\ms-msdt /f”.